{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "FEDORA-2015-6114", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"name": "FEDORA-2015-6123", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"name": "GLSA-201603-10", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201603-10"}, {"name": "FEDORA-2015-6315", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://codereview.qt-project.org/#/c/108312/"}, {"name": "FEDORA-2015-6364", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"name": "USN-2626-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"name": "74309", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/74309"}, {"name": "FEDORA-2015-6252", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:54:16.434Z"}, "title": "CVE Program Container", "references": [{"name": "FEDORA-2015-6114", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"name": "FEDORA-2015-6123", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"name": "GLSA-201603-10", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201603-10"}, {"name": "FEDORA-2015-6315", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://codereview.qt-project.org/#/c/108312/"}, {"name": "FEDORA-2015-6364", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"name": "USN-2626-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"name": "74309", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/74309"}, {"name": "FEDORA-2015-6252", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-1858", "datePublished": "2015-05-12T19:00:00", "dateReserved": "2015-02-17T00:00:00", "dateUpdated": "2024-08-06T04:54:16.434Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:digia:qt:*:*:*:*:*:*:*:*", "matchCriteriaId": "86E76F78-582E-4473-BF2F-70452F0B6AD5", "versionEndIncluding": "4.8.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "03C7E11D-AA2C-48BB-8C50-B04E5CD3A7C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E30B4386-B419-46B7-945F-C04F79600708", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "20079A6C-A3B9-4492-BC1F-A3B668F326D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3E42429B-0123-428E-AD62-23000CDF7343", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2EE36CAC-6DB0-4061-AC83-AF12A30F2EFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D60AFED7-9707-4FB7-817D-E2DE4BCABE97", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E2980C52-9843-4A39-B164-76E9583F2D7E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qt:qt:5.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBC2E1E7-F841-47A1-8D1E-9A30EC93BDF5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image."}, {"lang": "es", "value": "M\u00faltiples desbordamientos del buffer en gui/image/qbmphandler.cpp en el m\u00f3dulo QtBase en Qt en versiones anteriores a 4.8.7 y 5.x en versiones anteriores a 5.4.2 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (fallo de segmentaci\u00f3n y ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de una imagen BMP manipulada."}], "id": "CVE-2015-1858", "lastModified": "2024-11-21T02:26:17.027", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-05-12T19:59:04.880", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74309"}, {"source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "https://codereview.qt-project.org/#/c/108312/"}, {"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201603-10"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/74309"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2626-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://codereview.qt-project.org/#/c/108312/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201603-10"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Richard Moore (KDE) for reporting this issue.", "bugzilla": {"description": "qt: segmentation fault in qbmphandler.cpp", "id": "1210673", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1210673"}, "csaw": false, "cvss": {"cvss_base_score": "5.1", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "status": "draft"}, "cwe": "CWE-122->CWE-125->CWE-787->CWE-805", "details": ["Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted BMP image.", "A memory corruption flaw was found in the way Qt handled certain Bitmap (BMP) files. If a user loaded a specially crafted BMP image file with an application linked against Qt, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application."], "name": "CVE-2015-1858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "qt4", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "qt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qt3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1858\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1858"], "threat_severity": "Moderate"}